[apple/security.git] / OSX / libsecurity_pkcs12 / lib / pkcs12Utils.h

/*
 * Copyright (c) 2003-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
 * 
 * @APPLE_LICENSE_HEADER_START@
 * 
 * This file contains Original Code and/or Modifications of Original Code
 * as defined in and that are subject to the Apple Public Source License
 * Version 2.0 (the 'License'). You may not use this file except in
 * compliance with the License. Please obtain a copy of the License at
 * http://www.opensource.apple.com/apsl/ and read it before using this
 * file.
 * 
 * The Original Code and all software distributed under the License are
 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
 * Please see the License for the specific language governing rights and
 * limitations under the License.
 * 
 * @APPLE_LICENSE_HEADER_END@
 */
/*
 * pkcs12Utils.h
 */
 
#ifndef	_PKCS12_UTILS_H_
#define _PKCS12_UTILS_H_

#include <Security/cssmtype.h>
#include <security_asn1/SecNssCoder.h>
#include <security_pkcs12/pkcs7Templates.h>
#include <security_pkcs12/pkcs12Templates.h>
#include <Security/cssmerr.h>
#include <CoreFoundation/CoreFoundation.h>

#ifdef __cplusplus
extern "C" {
#endif

/* malloc a NULL-ed array of pointers of size num+1 */
void **p12NssNullArray(
	uint32 num,
	SecNssCoder &coder);

/* CSSM_DATA --> uint32. Returns true if OK. */
bool p12DataToInt(
	const CSSM_DATA &cdata,
	uint32 &u);

/* uint32 --> CSSM_DATA */
void p12IntToData(
	uint32 num,
	CSSM_DATA &cdata,
	SecNssCoder &coder);

/* CFDataRef <--> CSSM_DATA */
CFDataRef p12CssmDataToCf(
	const CSSM_DATA &c);
void p12CfDataToCssm(
	CFDataRef cf,
	CSSM_DATA &c,
	SecNssCoder &coder);

CSSM_DATA_PTR p12StringToUtf8(
	CFStringRef cfStr,
	SecNssCoder &coder);

const char *p12BagTypeStr(
	NSS_P12_SB_Type type);
const char *p7ContentInfoTypeStr(
	NSS_P7_CI_Type type);

/* map an OID to the components */

typedef enum {
	PW_None,			/* not comprehended */
	PW_PKCS5_v1_5,		/* PKCS5 v1.5 */
	PW_PKCS5_v2,		/* PKCS5 v2.0, not used by this module but parsed here */
	PW_PKCS12			/* PKCS12 */
} PKCS_Which;

/* returns false if OID not found */
bool pkcsOidToParams(
	const CSSM_OID 		*oid,
	CSSM_ALGORITHMS		&keyAlg,		// e.g., CSSM_ALGID_DES
	CSSM_ALGORITHMS		&encrAlg,		// e.g., CSSM_ALGID_3DES_3KEY_EDE
	CSSM_ALGORITHMS		&pbeHashAlg,	// SHA1 or MD5
	uint32				&keySizeInBits,
	uint32				&blockSizeInBytes,	// for IV, optional
	CSSM_PADDING		&padding,		// CSSM_PADDING_PKCS7, etc.
	CSSM_ENCRYPT_MODE	&mode,			// CSSM_ALGMODE_CBCPadIV8, etc.
	PKCS_Which			&pkcs);			// PW_PKCS5_v1_5 or PW_PKCS12

CSSM_RETURN p12VerifyMac(
	const NSS_P12_DecodedPFX 	&pfx,
	CSSM_CSP_HANDLE				cspHand,
	const CSSM_DATA				*pwd,	// unicode, double null terminated
	const CSSM_KEY				*passKey,
	SecNssCoder					&coder);// for temp mallocs

void p12GenSalt(
	CSSM_DATA 	&salt,
	SecNssCoder &coder);

void p12GenLabel(
	CSSM_DATA &label,
	SecNssCoder &coder);

void p12NullAlgParams(
	CSSM_X509_ALGORITHM_IDENTIFIER &algId);

/*
 * Free memory via specified plugin's app-level allocator
 */
void freeCssmMemory(
	CSSM_HANDLE	hand,
	void 		*p);

/*
 * Though it pains me to do this, I must. We "happen to know" the 
 * names (in string form) of two of a key's attributes. These
 * have not been published anywhere, they are hard-coded into 
 * the script (KeySchema.m4) which generates the KeySchema
 * tables. 
 */

/*
 * This one is initially the same as the "label" argument passed 
 * in to the CSP when creating or importing keys; it eventually
 * gets munged into the hash of the associated public key (
 * in our case, by p12SetPubKeyHash()).
 */
#define P12_KEY_ATTR_LABEL_AND_HASH		"Label"

/*
 * This one is the user-friendly name.
 */
#define P12_KEY_ATTR_PRINT_NAME			"PrintName"

/*
 * Find private key by label, modify its Label attr to be the
 * hash of the associated public key. 
 */
CSSM_RETURN p12SetPubKeyHash(
	CSSM_CSP_HANDLE 	cspHand,		// where the key lives
	CSSM_DL_DB_HANDLE 	dlDbHand,		// ditto
	CSSM_DATA			&keyLabel,		// for DB lookup
	CSSM_DATA_PTR		newPrintName,	// optional
	SecNssCoder			&coder,			// for mallocing newLabel
	CSSM_DATA			&newLabel,		// RETURNED with label as hash
	CSSM_KEY_PTR		&foundKey);		// RETURNED on dup key detect

CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
	uint32 				AttributeType,
	uint32 				AttributeLength,
	const void 			*AttributePtr);

/*
 * Find private key by specified label, delete it.
 */
CSSM_RETURN p12DeleteKey(
	CSSM_DL_DB_HANDLE 	dlDbHand, 
	const CSSM_DATA		&keyLabel);

/* convert App passphrase to array of chars used in P12 PBE */
void p12ImportPassPhrase(
	CFStringRef			inPhrase,
	SecNssCoder			&coder,
	CSSM_DATA			&outPhrase);

/*
 * Standard error throwMes.
 * P12_ENCODE_ERR only occurs on DER-encode which should never fail. 
 */
#define P12_DECODE_ERR		errSecUnknownFormat
#define P12_ENCODE_ERR		errSecInternalComponent
#define P12_THROW_DECODE	MacOSError::throwMe(P12_DECODE_ERR)
#define P12_THROW_ENCODE	MacOSError::throwMe(P12_ENCODE_ERR)

#ifdef __cplusplus
}
#endif

#endif	/* _PKCS12_UTILS_H_ */
Commit	Line	Data
b1ab9ed8	1	/*
d8f41ccd	2	* Copyright (c) 2003-2004,2011,2013-2014 Apple Inc. All Rights Reserved.
b1ab9ed8 A	3	*
	4	* @APPLE_LICENSE_HEADER_START@
	5	*
	6	* This file contains Original Code and/or Modifications of Original Code
	7	* as defined in and that are subject to the Apple Public Source License
	8	* Version 2.0 (the 'License'). You may not use this file except in
	9	* compliance with the License. Please obtain a copy of the License at
	10	* http://www.opensource.apple.com/apsl/ and read it before using this
	11	* file.
	12	*
	13	* The Original Code and all software distributed under the License are
	14	* distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
	15	* EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
	16	* INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
	17	* FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
	18	* Please see the License for the specific language governing rights and
	19	* limitations under the License.
	20	*
	21	* @APPLE_LICENSE_HEADER_END@
	22	*/
	23	/*
	24	* pkcs12Utils.h
	25	*/
	26
	27	#ifndef _PKCS12_UTILS_H_
	28	#define _PKCS12_UTILS_H_
	29
	30	#include <Security/cssmtype.h>
	31	#include <security_asn1/SecNssCoder.h>
	32	#include <security_pkcs12/pkcs7Templates.h>
	33	#include <security_pkcs12/pkcs12Templates.h>
	34	#include <Security/cssmerr.h>
	35	#include <CoreFoundation/CoreFoundation.h>
b1ab9ed8 A	36
	37	#ifdef __cplusplus
	38	extern "C" {
	39	#endif
	40
	41	/* malloc a NULL-ed array of pointers of size num+1 */
	42	void **p12NssNullArray(
	43	uint32 num,
	44	SecNssCoder &coder);
	45
	46	/* CSSM_DATA --> uint32. Returns true if OK. */
	47	bool p12DataToInt(
	48	const CSSM_DATA &cdata,
	49	uint32 &u);
	50
	51	/* uint32 --> CSSM_DATA */
	52	void p12IntToData(
	53	uint32 num,
	54	CSSM_DATA &cdata,
	55	SecNssCoder &coder);
	56
	57	/* CFDataRef <--> CSSM_DATA */
	58	CFDataRef p12CssmDataToCf(
	59	const CSSM_DATA &c);
	60	void p12CfDataToCssm(
	61	CFDataRef cf,
	62	CSSM_DATA &c,
	63	SecNssCoder &coder);
	64
	65	CSSM_DATA_PTR p12StringToUtf8(
	66	CFStringRef cfStr,
	67	SecNssCoder &coder);
	68
	69	const char *p12BagTypeStr(
	70	NSS_P12_SB_Type type);
	71	const char *p7ContentInfoTypeStr(
	72	NSS_P7_CI_Type type);
	73
	74	/* map an OID to the components */
	75
	76	typedef enum {
	77	PW_None, /* not comprehended */
	78	PW_PKCS5_v1_5, /* PKCS5 v1.5 */
	79	PW_PKCS5_v2, /* PKCS5 v2.0, not used by this module but parsed here */
	80	PW_PKCS12 /* PKCS12 */
	81	} PKCS_Which;
	82
	83	/* returns false if OID not found */
	84	bool pkcsOidToParams(
	85	const CSSM_OID *oid,
	86	CSSM_ALGORITHMS &keyAlg, // e.g., CSSM_ALGID_DES
	87	CSSM_ALGORITHMS &encrAlg, // e.g., CSSM_ALGID_3DES_3KEY_EDE
	88	CSSM_ALGORITHMS &pbeHashAlg, // SHA1 or MD5
	89	uint32 &keySizeInBits,
	90	uint32 &blockSizeInBytes, // for IV, optional
	91	CSSM_PADDING &padding, // CSSM_PADDING_PKCS7, etc.
	92	CSSM_ENCRYPT_MODE &mode, // CSSM_ALGMODE_CBCPadIV8, etc.
	93	PKCS_Which &pkcs); // PW_PKCS5_v1_5 or PW_PKCS12
	94
	95	CSSM_RETURN p12VerifyMac(
	96	const NSS_P12_DecodedPFX &pfx,
	97	CSSM_CSP_HANDLE cspHand,
	98	const CSSM_DATA *pwd, // unicode, double null terminated
	99	const CSSM_KEY *passKey,
100	SecNssCoder &coder);// for temp mallocs
101
102	void p12GenSalt(
103	CSSM_DATA &salt,
104	SecNssCoder &coder);
105
106	void p12GenLabel(
107	CSSM_DATA &label,
108	SecNssCoder &coder);
109
110	void p12NullAlgParams(
111	CSSM_X509_ALGORITHM_IDENTIFIER &algId);
112
113	/*
114	* Free memory via specified plugin's app-level allocator
115	*/
116	void freeCssmMemory(
117	CSSM_HANDLE hand,
118	void *p);
119
120	/*
121	* Though it pains me to do this, I must. We "happen to know" the
122	* names (in string form) of two of a key's attributes. These
123	* have not been published anywhere, they are hard-coded into
124	* the script (KeySchema.m4) which generates the KeySchema
125	* tables.
126	*/
127
128	/*
129	* This one is initially the same as the "label" argument passed
130	* in to the CSP when creating or importing keys; it eventually
131	* gets munged into the hash of the associated public key (
132	* in our case, by p12SetPubKeyHash()).
133	*/
134	#define P12_KEY_ATTR_LABEL_AND_HASH "Label"
135
136	/*
137	* This one is the user-friendly name.
138	*/
139	#define P12_KEY_ATTR_PRINT_NAME "PrintName"
140
141	/*
142	* Find private key by label, modify its Label attr to be the
143	* hash of the associated public key.
144	*/
145	CSSM_RETURN p12SetPubKeyHash(
146	CSSM_CSP_HANDLE cspHand, // where the key lives
147	CSSM_DL_DB_HANDLE dlDbHand, // ditto
148	CSSM_DATA &keyLabel, // for DB lookup
149	CSSM_DATA_PTR newPrintName, // optional
150	SecNssCoder &coder, // for mallocing newLabel
151	CSSM_DATA &newLabel, // RETURNED with label as hash
152	CSSM_KEY_PTR &foundKey); // RETURNED on dup key detect
153
154	CSSM_RETURN p12AddContextAttribute(CSSM_CC_HANDLE CCHandle,
155	uint32 AttributeType,
156	uint32 AttributeLength,
157	const void *AttributePtr);
158
159	/*
160	* Find private key by specified label, delete it.
161	*/
162	CSSM_RETURN p12DeleteKey(
163	CSSM_DL_DB_HANDLE dlDbHand,
164	const CSSM_DATA &keyLabel);
165
166	/* convert App passphrase to array of chars used in P12 PBE */
167	void p12ImportPassPhrase(
168	CFStringRef inPhrase,
169	SecNssCoder &coder,
170	CSSM_DATA &outPhrase);
171
172	/*
173	* Standard error throwMes.
174	* P12_ENCODE_ERR only occurs on DER-encode which should never fail.
175	*/
176	#define P12_DECODE_ERR errSecUnknownFormat
427c49bc	177	#define P12_ENCODE_ERR errSecInternalComponent
b1ab9ed8 A	178	#define P12_THROW_DECODE MacOSError::throwMe(P12_DECODE_ERR)
	179	#define P12_THROW_ENCODE MacOSError::throwMe(P12_ENCODE_ERR)
	180
	181	#ifdef __cplusplus
	182	}
	183	#endif
	184
	185	#endif /* _PKCS12_UTILS_H_ */
	186